Welcome to our Cybersecurity News Rundown for the month of September 2017. Here, we share the latest and trending news on events and technological updates from the world of cybersecurity over the past month. Make sure to visit the News Rundown at the end of every month for quick highlights and insights.
1. Massive Equifax data breach affects more than 140 million US customers
Equifax, one of the largest credit card reporting agencies in the US, suffered a massive data breach this month. The data breach was discovered on 29th July and publicly disclosed on 7th September, more than 6 weeks later.
As many as 143 million US customers are said to be affected. The breached data includes SSNs, driving license numbers, birth dates, and addresses of about half of the US population. The Equifax data breach also exposed 209,000 credit card numbers and affected multiple customers from Canada and the United Kingdom.
2. Apple’s developer website down, amid hacking fears
On 6th September 2017, several Apple developers reported a possible security breach after their account addresses on Apple’s developer website were replaced by a different address in Russia.
Later, Apple’s developer support team sent a note to the developers affirming that there was no security breach. The problem originated from a bug in the account management application.
3. OurMine hacks Vevo music video service, leaks 3.12TB of data
OurMine has made the news again. After hacking the social media accounts of HBO, the WikiLeaks website, BuzzFeed, TechCrunch and Mark Zuckerberg’s Twitter account, this time they hacked the Vevo online music video service.
Vevo, a joint venture between Sony Music Entertainment, Abu Dhabi Media, Warner Music Group, Universal Music Group and Alphabet Inc., was hacked by the infamous group of white hat hackers, OurMine. The hackers leaked about 3.12TB of internal files online. The data comprises internal official documents, social media content, promotional content, videos, and information related to recording artists who signed with the participating record companies.
4. Bashware malware targets Windows Subsystem for Linux (WSL)
While many people welcomed the launch of Windows Subsystem for Linux (WSL) in Windows 10, experts found it to be a potential security issue. Researchers found a new malware known as Bashware that allows hackers to silently run malware on the user’s system. It also allows the malicious code to use the Linux shell to bypass the security solution.
According to the researchers, this new method of cyber attack is very easy to exploit and can be used to circumvent the most common security solutions. Bashware malware is specifically designed for Linux and can run undetected on Windows systems.
5. EDGAR database of SEC was hacked despite warnings on security
The Securities and Exchange Commission (SEC) of the USA disclosed a hack of one of its corporate filing systems that actually occurred last year. This data breach raised many questions about vulnerabilities within the SEC and the time taken to disclose the breach, to which the SEC says that it was not aware of the breach. The agency learned of the data breach last month from the information obtained by the intruders, who might have been using the data for illegal trading profits.
The SEC suffered the data breach despite receiving multiple warnings about security issues and vulnerabilities in the agency’s cybersecurity controls. The agency did not disclose the impact of the breach, such as which individuals or agencies may have been affected.
6. Cyber-attack hits Deloitte, reveals clients’ information and emails
Deloitte, a UK-incorporated professional services firm, was hit by a sophisticated cyber attack. The confidential emails of the firm’s clientele were compromised and revealed on the Internet. Deloitte is one of the “Big Four” accountancy firms, registered in London with global headquarters in New York. The firm was the victim of a cyber attack that went unnoticed for months. It is believed that the hackers had access to the company’s systems since October 2016, but the breach was discovered in March 2017.
The accounting firm informed 6 of its clients about the data breach and the information that was impacted by the cyber attack. The hackers breached the network using the administrator account of the firm’s global email server.